Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack - BERITAJA
Security researchers at Kaspersky say they have identified a malicious backdoor planted in the popular and long-running Windows disc imaging software, Daemon Tools.
The Russian cybersecurity company said on Tuesday that information collected from computers around the world running the Kaspersky antivirus software shows a “widespread” attack is under way, targeting thousands of Windows computers running Daemon Tools.
The hackers, whom Kaspersky has linked to a Chinese-language speaking group based on an analysis of the malware, used the backdoor in Daemon Tools to plant further malware on a dozen computers across the retail, technological and manufacturing sectors, as well as government systems. Kaspersky said the hacking of these specific computers implied a “targeted” effort.
The company said the targeted organizations are located in Russia, Belarus and Thailand.
Kaspersky said the backdoor was first detected on April 8.
Kaspersky said it had contacted Disc Soft, the company that maintains Daemon Tools, but did not say if the developer responded or took action. Kaspersky said the supply chain attack is “still active,” suggesting that the hackers could still plant malware on thousands of computers running the disc imaging software.
This is the latest in a string of so-called “supply chain” attacks that have targeted developers of popular software in recent months. Hackers are increasingly taking aim at the accounts of developers who work on widely used code and software, and abusing that access to push malicious code to anyone who relies on the software. This attack lets the hackers break into a large number of computers at once when their malicious code is delivered as a software update.
Earlier this year, hackers associated with the Chinese government hijacked the popular text editing software Notepad++ to deliver malware to a number of organizations with interests in East Asia. Security researchers also warned of another attack last month targeting users who visited the website of CPUID, which makes the popular HWMonitor and CPU-Z tools.
TechCrunch downloaded the Windows installer from Daemon Tools’ website, and the file appeared to contain the backdoor when we checked it with the online malware scanner service VirusTotal.
It’s not known if the macOS version of Daemon Tools was compromised, or if other apps made by Disc Soft are affected.
When contacted for comment, a Disc Soft representative said they are “aware of the study and are presently investigating the situation.”
“Our team is treating this matter with the highest priority and is actively working to assess and address the issue. At this stage, we are not in a position to confirm specific details referenced in the report. However, we are taking all necessary steps to remediate any potential risks and to ensure the security of our users,” the representative said.
Do you know more about the cyberattack targeting Daemon Tools users? Did you receive an antivirus alert saying you were affected? We want to hear from you. To contact this reporter securely, reach out via Signal username zackwhittaker.1337.